Straight-forward SPI iptables firewall scriptDaemon process that checks for login authentication failures for:Courier imap, Dovecot, uw-imap, KerioopenSSHcPanel, WHM, Webmail (cPanel servers only)Pure-ftpd, vsftpd, ProftpdPassword protected web pages (htpasswd)Mod_security failures (v1 and v2)Suhosin failuresExim SMTP AUTHCustom login failures with separate log file and regular expression matchingPOP3/IMAP login tracking to enforce logins per hourSSH login notificationSU login notificationExcessive connection blockingUI Integration for cPanel, DirectAdmin and WebminEasy upgrade between versions from within cPanel/WHM, DirectAdmin or WebminEasy upgrade between versions from shellPre-configured to work on a cPanel server with all the standard cPanel ports openPre-configured to work on a DirectAdmin server with all the standard DirectAdmin ports openAuto-configures the SSH port if it's non-standard on installationBlock traffic on unused server IP addresses - helps reduce the risk to your serverAlert when end-user scripts sending excessive emails per hour - for identifying spamming scriptsSuspicious process reporting - reports potential exploits running on the serverExcessive user processes reportingExcessive user process usage reporting and optional terminationSuspicious file reporting - reports potential exploit files in /tmp and similar directoriesDirectory and file watching - reports if a watched directory or a file changesBlock traffic on the DShield Block List and the Spamhaus DROP ListBOGON packet protectionPre-configured settings for Low, Medium or High firewall security (cPanel servers only)Works with multiple ethernet devicesServer Security Check - Performs a basic security and settings check on the server (via cPanel/DirectAdmin/Webmin UI)Allow Dynamic DNS IP addresses - always allow your IP address even if it changes whenever you connect to the internetAlert sent if server load average remains high for a specified length of timemod_security log reporting (if installed)Email relay tracking - tracks all email sent through the server and issues alerts for excessive usage (cPanel servers only)IDS (Intrusion Detection System) - the last line of detection alerts you to changes to system and application binariesSYN Flood protectionPing of death protectionPort Scan tracking and blockingPermanent and Temporary (with TTL) IP blockingExploit checksAccount modification tracking - sends alerts if an account entry is modified, e.g. if the password is changed or the login shellShared syslog awareMessenger Service - Allows you to redirect connection requests from blocked IP addresses to preconfigured text and html pages to inform the visitor that they have been blocked in the firewall. This can be particularly useful for those with a large user base and help process support requests more efficientlyCountry Code blocking - Allows you to deny or allow access by ISO Country CodePort Flooding Detection - Per IP, per Port connection flooding detection and mitigation to help block DOS attacksDirectAdmin UI integrationUpdated Webmin UI integrationWHM root access notification (cPanel servers only)New in v5: lfd Clustering - allows IP address blocks to be automatically propagated around a group of servers running lfd. It allows allows cluster-wide allows, removals and configuration changesNew in v5: Quick start csf - deferred startup by lfd for servers with large block and/or allow listsNew in v5: Distributed Login Failure Attack detectionNew in v5: Temporary IP allows (with TTL)New in v5: IPv6 Support with ip6tables...lots more!

The reason we have developed this suite is that we have found over the years of providing server services that many of the tools available for the task are either over-complex, not user friendly, or simply aren't as effective as they could be.

Changes:

- Fixed missing perm.png from DA install- Fixed Temporary IP Entries table headers in UI- If DENY_IP_LIMIT is reached, remove excess IPs from iptables as well as csf.deny (previously only removed from csf.deny)- csf on cPanel servers automatically re-enables the cPanel Bandwith chains after iptables is configured. If bandmin is not functioning, or you don't use the bandmin stats you can disable this new option LF_CPANEL_BANDMIN (enabled by default on cPanel servers)/quote]